Data theft has been one of the cyber-crimes since the existence of the computer age. The business sector has been the most affected by data theft in terms of loss in the United States, cyber-crimes have the highest average annual costs for the financial services industry. Identity theft is the most common type of cyber-crime experienced by Americans.
Data theft is a growing phenomenon primarily caused by system administrators and office workers with access to technology such as database servers, desktop computers, and a growing list of hand-held devices capable of storing digital information, such as USB flash drives, iPods and even digital cameras. Some employees have access to confidential information for the company they work for and sometimes misuse them when they leave the company or are still in employment. This data could be sold or bought, used by criminals and criminal organizations.
Thumb sucking is a data theft method involving the unintentional use of a portable USB mass storage device, such as a USB flash drive (or “thumb drive”), to illicitly download confidential data from a network endpoint. The threat of thumb sucking has amplified since the storage capacity of portable USB devices has increased.
As data theft risk becomes increasingly problematic, organizations need to take steps to protect their sensitive data. There are some steps any company can take to protect its data. These include securing sensitive customers, employees, and patient data by keeping storage devices containing sensitive information in a locked, secure area and restricting access to sensitive data.
Properly dispose of sensitive data and remove all data from computers and devices before disposing of them.
Use password protection for all business computers and devices, and require employees to have unique usernames and strong passwords that they change regularly.
Encrypt sensitive data and use encryption on all laptops, devices, and emails that contain sensitive data.
Protect against viruses and malware by installing and using antivirus and antispyware software on all business computers.
Keep your software and operating systems up to date by installing updates to security, web browsers, operating systems, and antivirus software as soon as they become available.
Secure access to your network with firewalls, remote access through properly configured Virtual Private Networks, and Wi-Fi networks that are secure and encrypted.
Verify the security controls of third parties and make sure their data protection practices meet your requirements and that you have the right to audit them.
Train your employees to ensure they understand your data protection practices and their importance.